Authenticated stored XSS vulnerability in WordPress Fruitful theme.
The WordPress Fruitful theme, which has 9,000+ active installations, was prone to an authenticated stored XSS vulnerability in version 3.8.1 and below.
The Ninja Technologies Network
The WordPress Download Plugins and Themes from Dashboard plugin, which has 10,000+ active installations, was prone to an unauthenticated stored XSS vulnerability in version 1.5.0 and below.
The WordPress Coming Soon Page and Maintenance Mode (7,000+ active installations) was prone to unauthenticated stored XSS and settings reset vulnerabilities in version 1.7.8 and below.
The WordPress Shortlinks by Pretty Links plugin, which has over 200,000 active installations, was prone to stored XSS and CSV injection vulnerabilities in version 2.1.9 and below.
NinTechNet identified multiple XSS vulnerabilities in the All In One WP Security & Firewall v4.0.7 plugin. The affected parameter was ‘tab’ (all pages): /wp-admin/admin.php?page=aiowpsec&tab=[XSS] /wp-admin/admin.php?page=aiowpsec_settings&tab=[XSS] /wp-admin/admin.php?page=aiowpsec_useracc&tab=[XSS]…